MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaaa03b6dc8192c88f0ca6a71ee589e09244af6e1a85e567e317c09b08842266. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 18



SHA256 hash: aaaa03b6dc8192c88f0ca6a71ee589e09244af6e1a85e567e317c09b08842266
SHA3-384 hash: 8abac3dd17738174d44a439613b48975e6b79ca4459f93634ccd6f024dafa38e9155ef6923e46113fb83d60341d12e3f
SHA1 hash: 8b72055e2f35cc86c1c3217ec97c4c77366160ad
MD5 hash: d83f8ce0d80c6bb1295fb21e78c2df7f
humanhash: potato-bacon-artist-island
File name: shipping document.exe
Signature AgentTesla
File size: 588'288 bytes
First seen: 2023-07-05 13:21:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:Bm/mcSqWrS3JjR8enarv7mUNcNydqVFuHZxb8eHxYWFnoe:2oqWxearxmEIE3b8eHxYWFo
Threatray 4'562 similar samples on MalwareBazaar
TLSH T16FC4593C1CBD5E33C034D2A68F95D461F158C5EB32A18F3667C7AAA54A1E90229CBD3D
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter James_inthe_box
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
282
Origin country :
US
Vendor Threat Intelligence
Malware family:
agenttesla
ID:
1
File name:
shipping document.exe
Verdict:
Malicious activity
Analysis date:
2023-07-05 13:22:27 UTC
Tags:
agenttesla rat

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Behaviour
Searching for the window
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
masquerade packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains very large strings
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Behaviour
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2023-07-04 02:58:41 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
21 of 24 (87.50%)
Threat level:
  5/5
Result
Malware family:
agenttesla
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SHA256 hash:
da7e01b4d96529054898aa7a254ce4dd1deac3a59093d19fec839e5fd813ad3a
MD5 hash:
5ab0fd653ad4d36d895fe0503737de74
SHA1 hash:
dc483c8ae15dff44fdedc59625dcb6a8cd379be7
SHA256 hash:
9d6c73e273a966a4ed1d93350392d965792ddf5ad201bfa28b8adcec2e344db5
MD5 hash:
adac60763fcfe4d5f4ad323046e79500
SHA1 hash:
9ced772a90ddec9fffde8c745225ad289f3f087e
SHA256 hash:
e8473f398d935b7e41d5537e7cb1c8b4694f8f998bb068c162eb6938fbb72919
MD5 hash:
19efb57a57a045dd665f5953188dfeb4
SHA1 hash:
600272de478b79730f4a49983e30e3dfe4889126
Detections:
AgentTeslaXorStringsNet AgentTeslaXorStringsNet AgentTeslaXorStringsNet AgentTeslaXorStringsNet
Parent samples :
SHA256 hash:
973512f00ba81a790d2351f286c79dfea92692c9f7cd724e22ab11ff282f8130
MD5 hash:
3794c5f7b240e4184d6ea90c5bdd9ec6
SHA1 hash:
26b9c4a753779b4994fe38c16dfe70b07efd3e0d
SHA256 hash:
aaaa03b6dc8192c88f0ca6a71ee589e09244af6e1a85e567e317c09b08842266
MD5 hash:
d83f8ce0d80c6bb1295fb21e78c2df7f
SHA1 hash:
8b72055e2f35cc86c1c3217ec97c4c77366160ad
Malware family:
AgentTesla
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Rule name:Skystars_Malware_Imphash
Author:Skystars LightDefender
Description:imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments